2014-11-07 12:59 AM - edited 2015-03-06 12:59 PM
netgroup defines network wide groups used for access permission checking during remote mount request processing. Each line defines a group and has the format:
This is a typical netgroup file:
trusted_hosts (adminhost,,) (zeus,,) (thor,,) (minerva,,)
(sleepy,,) (dopey,,) (grumpy,,) (sneezy,,)
With this netgroup file it might make sense to modify /etc/exports to export / on the node only to trusted_hosts, but to export /home to all_hosts.
For further more details refer, https://library.netapp.com/ecmdocs/ECMP1196979/html/man5/na_netgroup.5.html
2014-11-07 11:28 AM
Thank you for the response. I appreciate it.
I know this but my question is can I define a host name AND IP Addresses in the netgroup? For example:
#netgroup file example
linuxhosts (rhel1.corp.com,,) (rhel1-nfs.corp.com,,) (10.10.97.113,,) (10.10.97.114,,)
We have a requirement to create exports and grant access to 1) the server hostname on VLAN1, i.e. rhel1.corp.com 2) the NFS interface hostname on VLAN2, i.e., rhel1-nfs.corp.com 3) the IP address for each of these two hostnames, i.e., 10.10.97.113, 10.10.97.114
I'd prefer not to have to list the IP addresses in the export file if I can just put them in to the netgroup.
2014-11-11 12:31 AM
You cannot define ipaddress in netgroup.
For example, the following would be a typical /etc/netgroup file, on a NIS master:
# cat /etc/netgroup
root-users (-,user1), (-,user2), (-,user3)
trusted-machines (machine1,-), (machine2,-), (machine3,-)
Netgroups are limited to 1024 characters in size.
If you need to put together a longer netgroup, you can do so by making a meta-group:
meta-group netgroup1 netgroup2 netgroup1
2015-11-05 10:47 AM
This thread is kind of old and marked as resolved, but this may help someone.
Something to try... (tested on 8.2.3p3 7-mode)
Add the ip addresses to your /etc/hosts file
# My Group 1
Use "HostGroup1" as the host in your NFS permissions, or your netgroup definition.
When a nfs host attaches, a reverse lookup via the order defined in nsswitch.conf is done. it will find the ip in the hosts file, and respond with the "HostGroup1" host name that matches your permissions directly or by netgroup it is listed in.